Nice work ! I wonder how this compares to Graylog which is another open-source(quite mature) project. Graylog SIEM looks and feels exactly like enterprise SIEM Splunk.
Thank you! I'd say the biggest difference is that Panther uses Python3 for detections and SQL/Presto for searching the data. This gives analysts/engineers more freedom and flexibility to find what they're looking for.
We also utilize open source or cloud-native transport mechanisms like fluentd/s3/etc, verses rolling our own.
They are both similar (graylof and splunk) but they lack bells and whistles traditional SIEMs like Arcsight or Qradar have so I hope Panther does a lot more!
We also utilize open source or cloud-native transport mechanisms like fluentd/s3/etc, verses rolling our own.